×

Securing customer data in SaaS products

Risk mitigation and compliance: How Starburst manages risk in Starburst Galaxy

Last Updated: June 21, 2024

With any SaaS solution, the security of customer data is paramount. At Starburst, we employ a number of best practices for securing data within a cloud-native environment.

Cloud Infrastructure

Our infrastructure is continuously monitored and protected by AWS GuardDuty, while the Galaxy app itself is protected from DDOS attacks and traffic spikes by Cloudflare’s global threat protection network. Access to the Galaxy UI is secured with TLS encryption and customer data is never stored within the platform, only queried data is accessed by the platform. Starburst Galaxy does not collect or store credit card information; payments made for Starburst products are completed through Stripe.

PII and third-parties

While your data sources for Starburst Galaxy are managed by you, Starburst staff may be required to access customer information via the Galaxy user interface to provide customer support, fulfill legal requirements, or for other legitimate business purposes. These staff are specially trained to protect privacy through the safeguarding of PII and other sensitive information, and any customer information required to complete the support engagement is deleted upon resolution. 

With regard to third-parties, each vendor is screened for adherence to our rigorous standards prior to onboarding and annually reassessed for potential risk to our customers. Data categories that are not critical to providing services are omitted from data transfers. The list of our subprocessors and the data categories shared with them is available here

For GDPR compliance, Starburst can comply via Standard Contractual Clauses (SCCs) and the data hosting location may be specified in the MSA if EU access is required.

Secure development lifecycle

We follow a secure development process from planning through to production. Security and privacy considerations are accounted for early in feature development, risks and vulnerabilities are tracked through mitigation and remediation respectively, peer reviews are conducted on each commit, and both our on-premise and SaaS products receive regular code scanning through Veracode as well as annual penetration tests. Critical vulnerabilities requiring a patch are addressed according to our SLAs and customers are advised of any additional action needed.

External Auditor Compliance

We maintain both ISO 27001 and SOC2 compliance, which means every business decision is made with this in mind. Undue risk is not introduced into our environment and we strive to go beyond simply meeting compliance controls through continuous improvement of our processes and procedures. 

Starburst Galaxy: Defense-in-depth

Through the above measures, Starburst seeks to mitigate the inherent risks associated with utilizing a SaaS product, with particular emphasis on safeguarding any customer data that the platform ingests. We have taken the utmost care to provide defense-in-depth in our products and continual re-examination of our security and development practices. Starburst fosters a culture of feedback and this is reflected in our commitment to creating and maintaining secure products that our customers can depend upon to meet the technological and privacy needs of their business.

What are some next steps you can take?

Below are three ways you can continue your journey to accelerate data access at your company

  1. 1

    Schedule a demo with us to see Starburst Galaxy in action.

  2. 2

    Automate the Icehouse: Our fully-managed open lakehouse platform

  3. 3

    Follow us on YouTube, LinkedIn, and X(Twitter).

Start Free with
Starburst Galaxy

Up to $500 in usage credits included

  • Query your data lake fast with Starburst's best-in-class MPP SQL query engine
  • Get up and running in less than 5 minutes
  • Easily deploy clusters in AWS, Azure and Google Cloud
For more deployment options:
Download Starburst Enterprise

Please fill in all required fields and ensure you are using a valid email address.

s